Both lawsuits seek class-action status to represent all those whose information might have been stolen or sold on "the dark web," as one of the lawsuits refers to it.
Several Harrison County residents who were Singing River customers filed one of the lawsuits against the Singing River Health System Foundation, which is actually the charitable arm of Singing River Health System, the nonprofit that operates hospitals in Gulfport, Ocean Springs and Pascagoula.
Erica Williams, identified as a Pascagoula resident who was employed by Singing River, filed the second lawsuit against Singing River Health System, doing business as Singing River Gulfport.
Both lawsuits say employees and consumers weren't individually notified until January about data breach that Singing River discovered Aug. 19. But Singing River Health System had put a public notice about "the cyber attack" on its website by Aug. 21. The health system posted its latest update online on Jan. 19, the website shows.
"We have not received any indication that personal information has been misused at this time," Singing River's update says. The health system has not yet had time to file its responses to the lawsuits, which were filed Jan. 25 and Jan. 31.
What lawsuits say about MS Coast cyberattack
Attorneys for those suing say their clients will be at risk for years of having their personal information stolen, including Social Security numbers and medical records. One of the lawsuits says Singing River is offering those affected only one year of credit monitoring at no cost, while the other says the health system is offering two years of monitoring.
Both lawsuits allege that Singing River failed to secure the personal and health information of its patients, even though cyber thieves value medical records because they contain so much personal and health information.
The lawsuit filed by Williams says that she and others "have been exposed to a heightened and imminent risk of fraud and identity theft" and "must now and for years into the future closely monitor their financial accounts to guard against identity theft."
Class-action status sought for hospital case
Each lawsuit seeks class-action status, which groups all those potentially injured into one case. U.S. District Judge Louis Guirola, who is presiding over the lawsuits, will decide whether they should proceed individually or as a group.
Guirola is also presiding over data breach lawsuits that have been filed against Bienville Orthopaedic Specialists LLC, a group of 17 Coast doctors whose practice experienced a data breach with ransom demand last year. The Singing River breach also involved a ransom demand, the health system has previously confirmed.
Attorneys also are jockeying to represent the entire class of individuals potentially harmed by the Bienville breach. Bienville representative Lee Bond said Thursday that no identity theft cases have been reported to the practice as a result of the data breach.
In the Singing River cases, attorneys allege that Singing River was negligent in protecting personal data, breached an implied duty to keep the records safe and breached its role of trust. The lawsuit filed by Williams also accuses the health care provider of unjustly enriching itself by spending too little on cyber security.
The lawsuits ask that Guirola order Singing River to provide more secure record-keeping and compensate victims for the damage they've suffered. One of the lawsuits says Singing River should also provide 10 years of credit monitoring and pay out the money it saved on cyber security. The lawsuits also seek court costs, attorneys' fees and other concessions.
© 2024 The Sun Herald (Biloxi, Miss.). Distributed by Tribune Content Agency, LLC.
